WordPress is an open-source content management system (CMS) that is used to power millions of websites and blogs. Its usability, extensibility, and mature development community make it a popular choice for charities and civil society organisations.
Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats. However, websites powered by WordPress are far from immune to attack. Common routes for hacking a WordPress website include:
- Vulnerabilities on hosting platforms
- Security issues in WordPress themes
- Security issues in WordPress plugins
- Weak or reused passwords
- Phishing of users, particularly administrators
- Out-of-date WordPress installations
Most websites are hacked simply because they can be; hackers use automated scripts to find known vulnerabilities and hack numerous sites at once. However, rights-based organisations, independent media, and advocacy groups also face the threat of targeted attacks by government, corporate or criminal interests intent on taking down or damaging your website. Whatever the motivation of the threat actor, an attack may leave your organisation facing among other things:
- Exposure of personal information
- Fine from the information regulator
- Loss of website
- Campaigns and other activities undermined
- Financial cost of recovery
- Reputational damage
- Website spam blacklisted
Our security specialists can work with your technical staff and our trusted partners, including Cloudflare, in order to harden your website as much as the functionality you require will allow.